Bug 149270 - logrotate is messing up with noexec mounted /tmp
logrotate is messing up with noexec mounted /tmp
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logrotate (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Vrabec
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-21 15:06 EST by Michal Jaegermann
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-22 08:20:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Check this. (46.80 KB, text/plain)
2005-02-22 08:19 EST, Peter Vrabec
no flags Details

  None (edit)
Description Michal Jaegermann 2005-02-21 15:06:14 EST
Description of problem:

After an updgrade to FC3 logrotate fails to switch to new logs
with only not that informative messages from cron like:

error: error running shared postrotate script for /var/log/cups/*_log

Debugging information is not much more revealing either and
only strace eventually shows that logrotate writes to a file with
permissions 0700 in /tmp and tries to run that directly instead
of doing "sh /tmp/<whatever>".  With /tmp which happens to be mounted
"noexec" this clearly fails.

Moreover logrotate.conf does not provide any options to switch
temporary directory somewhere else. Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either.

Older versions of logrotate did not suffer from this affliction
so this came as a nasty surprise.

Version-Release number of selected component (if applicable):
logrotate-3.7.1-2
Comment 1 Peter Vrabec 2005-02-22 08:19:57 EST
Created attachment 111293 [details]
Check this.

I hope it will work fine. Logrotate does not use tmpfile in /tmp to run script.
Comment 2 Michal Jaegermann 2005-02-22 11:44:08 EST
What I see in a code indeed it looks that it will work.  There is
one more nit, though.  Both the current and the previous code
(it was writing "#!/bin/sh\n\n" at the top of a temporary file)
presume that all logrorate scripts would have to comprise from
a valid sh code (well, bash in practical terms).  I do not see
that explicitely documented anywhere.

A trivial "one liner" shell wrapper really allows to use there
anything which will execute but one should not dig through sorces
to reach that conclusion.
Comment 3 Kristina Clair 2005-04-13 12:07:41 EDT
"Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either."

How exactly would I use TMPDIR to get around this problem?  I tried defining it
in the shell script that runs logrotate, but that didn't help.
Comment 4 Michal Jaegermann 2005-04-13 13:12:34 EDT
export TMPDIR=/var/tmp

as the second line in /etc/cron.daily/logrotate should do assuming that
a version of /usr/sbin/logrotate pays attention to that variable.  Worksforme.
Comment 5 Michal Jaegermann 2005-10-16 12:28:36 EDT
3.7.1-5.RHEL4, with last changelog entries from 2005-07-13, is broken in
the same way as 3.7.1-2

Note You need to log in before you can comment on or make changes to this bug.